Android SSL证书转换

时间:2016-12-21 10:06:31

标签: android ssl

我想使用android HTTPS连接。我有.crt格式的SSL证书,但android需要.bks格式如何在ubuntu中转换此证书格式

2 个答案:

答案 0 :(得分:0)

步骤: -

  1. 转换" .crt" to" .cer - (Base 64)"通过Windows操作系统或任何其他来源。

  2. 下载" Bouncy Castle提供商" (bcprov-jdkxx-xxx.jar)来自http://www.bouncycastle.org/latest_releases.html

  3. 使用以下cmd转换" .cer"生成到" .bks"格式: -

    4. " pathOfJRE / bin中/ keytool_here" -importcert -v -trustcacerts -file" .cerFilePath_here" -alias myAlias -keystore" pathToStoreGeneratedBKSfile_here" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath" downloadedBouncyCastleProviderLocation_here" -storetype BKS -storepass" bksFilePassword_here"

    ******例****** " C:\ Program Files(x86)\ Java \ jre1.8.0_91 \ bin \ keytool" -importcert -v -trustcacerts -file" C:\ Users \ chetan \ Desktop \ Pravin-123 / abc_prod.cer" -alias myAlias -keystore" C:\ Users \ chetan \ Desktop \ Pravin-123 / abc_tbu__prod.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath" C:\ Users \ chetan \ Desktop \ Pravin-123 \ bcprov-jdk15on-155.jar" -storetype BKS -storepass" abc!Tbu @ app123"

    1. 验证生成的.bks文件,cmd: -

      2. " pathOfJRE / bin中/ keytool_here" -list -keystore" pathOfeGeneratedBKSfile_here" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath"" downloadedBouncyCastleProviderLocation_here" -storetype BKS -storepass" bksFilePassword_here"

      ****** *****实施例 " C:\ Program Files(x86)\ Java \ jre1.8.0_91 \ bin \ keytool" -list -keystore" C:\ Users \ chetan \ Desktop \ Pravin-123 / abc_tbu__prod.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath" C:\ Users \ chetan \ Desktop \ Pravin-123 \ bcprov-jdk15on-155.jar" -storetype BKS -storepass"" abcTbu @ app123"

      1. 在android中使用此bks文件。将其放在原始文件夹中,并将其路径提供给Secure httpUrlConnection

        2. -Ref:  http://transoceanic.blogspot.in/2011/11/android-import-ssl-certificate-and-use.html

        https://github.com/ikust/hello-pinnedcerts

答案 1 :(得分:0)

要生成.bks文件,您需要:

  • openssl
  • sed
  • keytool(JAVA附带)
  • Bouncy Castle Jar - Link to File

现在执行以下步骤:

获取服务器的公共自签名证书: 

echo | openssl s_client -connect [SERVER_URL]:443 2>&1 | \
  sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p" > [Certificate_file_name].pem

使用密码生成.bks文件 

keytool -importcert -v -trustcacerts -file "[Certificate_file_name].pem" \
  -alias [Alias_name] -keystore "[BKS_file_name].bks" \
  -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
  -providerpath "[DOWNLOADED_JAR_FILE_PATH]" -storetype BKS -storepass [Pass_phrase]

确认文件已创建 

keytool -list -keystore "[BKS_file_name].bks" \
  -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
  -providerpath "[DOWNLOADED_JAR_FILE_PATH]" -storetype BKS -storepass [Pass_phrase]
相关问题
最新问题